1. Technical Field
The present application relates generally to an improved data processing system and method. More specifically, the present application is directed to an encryption apparatus and method for providing an encrypted file system.
2. Description of Related Art
The Encrypting File System (EFS) is a file system available in Microsoft's Windows 2000™, Windows XP™, Windows Server 2003™, and now Windows Media Center 2005™ operating systems. The EFS technology transparently allows files to be stored encrypted on NT File System (NTFS) or other type file systems to protect confidential data from attackers with physical access to the computer.
User authentication and access control lists can protect files from unauthorized access while the operating system is running, but are easily circumvented if an attacker gains physical access to the computer. A solution is to store the files encrypted on the disks of the computer. EFS does this using public key cryptography and aims to ensure that decrypting the files is practically impossible without the correct key. However, EFS does not prevent brute-force attacks against the user account passwords. In other words, file encryption doesn't provide much protection if the account password is easily guessed.
With EFS, files and folders that are to be encrypted by the file system must be marked with an encryption attribute. As with file permissions in NTFS, for example, if a folder is marked for encryption then by default all files and subfolders that exist in the folder are also encrypted. When files are copied to another volume that is formatted with another file system (for instance FAT32) then the files and/or folders are decrypted before copying them over to that file system. The only exception is when files are backed up, in which case the files are not decrypted.
EFS works by encrypting a file with a bulk symmetric key (also known as the File Encryption Key, or FEK), which is used because it takes a relatively smaller amount of time to encrypt and decrypt large amounts of data than if an asymmetric key cipher is used. The symmetric key that is used to encrypt the file is then encrypted with a public key that is associated with the user who encrypted the file, and this encrypted data is stored in the header of the encrypted file. To decrypt the file, the file system uses the private key of the user to decrypt the symmetric key that is stored in the file header. It then uses the symmetric key to decrypt the file. Because this is done at the file system level, it is transparent to the user. More information regarding Microsoft's EFS may be obtained from Wikipedia at www.wikipedia.org and Microsoft at www.microsoft.com.
The encryption used by EFS is referred to as Electronic Code Book (ECB) encryption. With ECB encryption, a block of data that is the length of the encryption key, e.g., 56 bits, 128 bits, or the like, is encrypted with the encryption key using an encryption algorithm such as Data Encryption Standard (DES), Triple Data Encryption Standard (3DES), Advanced Encryption Standard (AES), or the like. ECB encryption is shown conceptually in FIG. 1. As shown in FIG. 1, a block of plaintext 110 is input along with the encryption key 120 to an encryption algorithm 130. The encryption algorithm 130 encrypts the plaintext 110 using the encryption key 120 to generate a first cipher text 140. This type of encryption is performed for each block of plaintext 110, 150 and 160 to generate cipher texts 140, 170 and 180 that are part of a sequence of encrypted data blocks that comprise the encrypted file 190.
Using the ECB encryption methodology, a cryptanalyst can break the encryption without ever discovering the encryption key 120. The weakness in this method is due to cribs, i.e. known plaintext, and stereotypical beginnings and endings. For example, if the cryptanalyst knows that a mail message begins with “To:Bob” and the cipher is “oxG29vq”, then on all other messages, when the cryptanalyst encounters “oxG29vq”, the cryptanalyst will know that the plaintext is “To:Bob”. Because of this vulnerability, most security systems, such as IPsec, ssh, etc., do not use ECB.
ECB encryption is used with known Encrypted File Systems because of the speed at which the encryption mechanism may be applied to plaintext. That is, if a change is necessary to a portion of a file in an Encrypted File System, the portion of the file that needs to be modified may be quickly decrypted, modified, and re-encrypted, since each block of plaintext is encrypted independent of each other block of plaintext. However, as mentioned above, ECB encryption has inherent weaknesses with regard to the ability to generate mappings between cipher text and plaintext. More elaborate, and more secure encryption methodologies, are not used in known Encrypted File Systems because they require that the entire file, or a significant portion of the file, be decrypted, modified, and then re-encrypted every time the slightest change is made to a file. Such encryption mechanisms create significant performance penalties that are not suitable for use with an Encrypted File System.